A bill moving through Congress would deputize your Internet service provider as a government snoop.

HR1981 would force the company you pay for Internet access to store a year's worth of personal data and hand it over at the request of law enforcement.

The Protecting Children from Internet Pornographers Act of 2011 is geared to help police catch and prosecute people downloading or distributing child pornography. That's a just and noble cause that, much like the clever title, no one can argue with.

But there's always a delicate balance between the goals of law enforcement and the rights of individuals. The Fourth Amendment protects citizens from unreasonable searches and seizures, requiring probable cause and a judicially sanctioned warrant.

Under the proposal, your personal data would be collected even if you worked in a convent, and could be turned over to the government with as little as a subpoena. In some circumstances, these can be issued without any court oversight.

It's a reckless invasion of privacy that should be stopped in its tracks. Dozens of digital rights and civil liberties groups are rightly outraged, with some drawing parallels to the darkest days of communist police states.

The bill represents "a massive change in the way we do criminal law in this country," said Rep. Zoe Lofgren, D-San Jose, who is leading the opposition.

'Just in Case'

The New York Post noted that if legislators were required to assign bills honest names, this one would read: Forcing Your Internet Provider to Spy On You Just in Case You're a Criminal Act of 2011.

That's spot on: It would effectively require private companies to gather information on millions of people, just in case one of them broke the law at some point.

It's the digital equivalent of allowing the government to copy every letter mailed through the post office, in case you're one day suspected of mail fraud.

Law enforcement has been tapping into this sort of information for years, typically for legitimate purposes like investigating child pornography and cybercrime. They can often get the information through subpoenas, which can be issued by a clerk of the court or even an attorney, as an "officer of the court." Critics say that bar is already too low, because it doesn't require a judge's approval.

No oversight

Under the new law, the U.S. Marshals Service would also be able to issue administrative subpoenas, which don't require any court oversight or even probable cause, in certain circumstances.

What's worrisome is that the government has brazenly overreached in other areas where loosened rules gave them access to more data.

In recent years, the Justice Department's own audits have underscored blatant misuse of National Security Letters. It's another form of administrative subpoena for phone and data records that were made easier to issue for suspected terrorism cases under the Patriot Act.

Reports from the Office of the Inspector General found that the FBI understated its use of the letters by tens of thousands and circumvented the legal requirements for issuing them. It found "exigent letters" demanding data from agencies that said a subpoena had been requested, when it never had.

That all hardly argues for handing over more data, more readily.

The bill would mandate that any paid ISP retain the logs that track a subscriber's Internet protocol address, the series of numbers assigned to the account, at every given point for a year.

"Requiring Internet companies to redesign and reconfigure their systems to facilitate government surveillance of Americans' expressive activities is simply un-American," said Kevin Bankston, senior attorney with the Electronic Frontier Foundation, in a blog post.

The IP address does not, in itself, reveal Internet surfing habits. But the information can be matched up to other data to create a picture of online activity, which is why it's of interest to law enforcement (as well as divorce attorneys, insurance companies and law firms pressing copyright cases).

New questions

The bill would also require collecting a name, address and credit card number for account holders, which most landline ISPs do anyway. But it raises new questions about the temporary Internet services people frequently use, sitting at cafes, killing time at airports and getting some work done on transit.

For instance, would you have to hand that data over to Starbucks when you get Wi-Fi access with your cup of coffee?

Which brings us to the final critical point: security.

There's no such thing as foolproof data security, a point hammered home repeatedly in recent months, as everyone from Sony to the CIA got hacked. As a public policy matter, do we really want to compel more companies to store more consumer data for longer? Do hackers need juicier targets?

These security worries, along with an explosion in subpoenas for copyright cases that many consider borderline extortion, is precisely why some ISPs have been moving in the direction of retaining less consumer data. It's also why some are opposed to the bill, including Sonic.net, a Santa Rosa firm that hangs onto user logs for only two weeks.

"Out of concern for that, and the right to use the Internet privately, we object," CEO Dane Jasper said.